Skip to content

CI/CD

CI/CD #1503

Workflow file for this run

name: CI/CD
on:
schedule:
- cron: "0 6 * * *"
pull_request:
workflow_dispatch:
workflow_call:
outputs:
ckan:
description: "Change in ckan container"
value: ${{ jobs.detect-changes.outputs.ckan }}
nginx:
description: "Change in nginx container"
value: ${{ jobs.detect-changes.outputs.nginx }}
solr:
description: "Change in solr container"
value: ${{ jobs.detect-changes.outputs.solr }}
environment:
description: "Changes in docker environment"
value: ${{ jobs.detect-changes.outputs.environment }}
assets:
description: "Change in assets"
value: ${{ jobs.detect-changes.outputs.assets }}
jobs:
detect-changes:
uses: ./.github/workflows/changes.yml
build-containers:
needs:
- detect-changes
name: Build Containers
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
include:
- dockerfile: ./docker/solr/Dockerfile
context: ./docker/solr
submodules: ""
build-frontend: false
name: solr
build-container: ${{ needs.detect-changes.outputs.solr == 'true' }}
- dockerfile: ./docker/nginx/Dockerfile
context: ./docker/nginx
submodules: ""
build-frontend: false
name: nginx
build-container: ${{ needs.detect-changes.outputs.nginx == 'true' }}
- dockerfile: ./ckan/Dockerfile
context: ./ckan
submodules: recursive
build-frontend: true
name: ckan
build-container: ${{ (needs.detect-changes.outputs.ckan == 'true') || (needs.detect-changes.outputs.assets == 'true') }}
steps:
- name: checkout
if: ${{ matrix.build-container == true }}
uses: actions/checkout@v4
with:
submodules: ${{ matrix.submodules }}
- name: setup docker buildx
if: ${{ matrix.build-container == true }}
uses: docker/setup-buildx-action@v3
- name: configure NPM credentials
if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
run: |
cat <<EOT >> .npmrc
@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=$NPM_TOKEN
EOT
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: install nodejs v20
if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
cache-dependency-path: 'package-lock.json'
- name: install npm packages
if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
run: npm ci
- name: build frontend with gulp
if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
run: npx gulp
- name: build images
if: ${{ matrix.build-container == true }}
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: ${{ matrix.dockerfile }}
push: false
cache-from: type=gha
cache-to: type=gha,mode=max
outputs: type=docker,dest=/tmp/${{ matrix.name }}.tar
tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/${{ matrix.name }}:latest
env:
REGISTRY: ${{ secrets.REGISTRY }}
REPOSITORY: ${{ vars.REPOSITORY }}
DOCKER_BUILD_RECORD_UPLOAD: false
- name: upload images
if: ${{ matrix.build-container == true }}
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }}
path: /tmp/${{ matrix.name }}.tar
test:
name: Test restricteddata extensions
runs-on: ubuntu-latest
needs:
- detect-changes
if: ${{ needs.detect-changes.outputs.ckan == 'true' }}
container:
image: ckan/ckan-dev:2.10.3
services:
solr:
image: ckan/ckan-solr:2.10-solr9
postgres:
image: postgres:12
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:3
env:
CKAN_SQLALCHEMY_URL: postgresql://ckan_default:pass@postgres/ckan_test
CKAN_DATASTORE_WRITE_URL: postgresql://datastore_write:pass@postgres/datastore_test
CKAN_DATASTORE_READ_URL: postgresql://datastore_read:pass@postgres/datastore_test
CKAN_SOLR_URL: http://solr:8983/solr/ckan
CKAN_REDIS_URL: redis://redis:6379/1
PGPASSWORD: postgres
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Create Database
run: |
psql --host=postgres --username=postgres --command="CREATE USER ckan_default WITH PASSWORD 'pass' NOSUPERUSER NOCREATEDB NOCREATEROLE;"
createdb --encoding=utf-8 --host=postgres --username=postgres --owner=ckan_default ckan_test
psql --host=postgres --username=postgres --command="CREATE USER datastore_write WITH PASSWORD 'pass' NOSUPERUSER NOCREATEDB NOCREATEROLE;"
psql --host=postgres --username=postgres --command="CREATE USER datastore_read WITH PASSWORD 'pass' NOSUPERUSER NOCREATEDB NOCREATEROLE;"
createdb --encoding=utf-8 --host=postgres --username=postgres --owner=datastore_write datastore_test
- name: Install requirements
run: |
apk add proj proj-dev proj-util geos
cd ckan/ckanext/ckanext-restricteddata
pip install -r dev-requirements.txt
pip install -r requirements.txt
pip install -e .
# Replace default path to CKAN core config file with the one on the container
sed -i -e 's/use = config:.*/use = config:\/srv\/app\/src\/ckan\/test-core.ini/' test.ini
cd ../ckanext-scheming
pip install -e .
cd ../ckanext-fluent
pip install -r requirements.txt
pip install -e .
cd ../ckanext-dcat
pip install -r requirements.txt
pip install -e .
cd ../ckanext-pages
pip install -r requirements.txt
pip install -e .
cd ../ckanext-markdown_editor
pip install -r requirements.txt
pip install -e .
- name: Run tests
run: pytest --ckan-ini=ckan/ckanext/ckanext-restricteddata/test.ini --cov=ckanext.restricteddata --disable-warnings ckan/ckanext/ckanext-restricteddata/ckanext/restricteddata/tests
- name: install codecov requirements
run: |
apk add gpg gpg-agent
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
flags: ckan
os: alpine
token: ${{ secrets.CODECOV_TOKEN }}
test-e2e:
name: test-e2e
needs:
- detect-changes
- build-containers
if: ${{ (needs.detect-changes.outputs.nginx == 'true') ||
(needs.detect-changes.outputs.ckan == 'true') ||
(needs.detect-changes.outputs.solr == 'true') ||
(needs.detect-changes.outputs.assets == 'true') ||
(needs.detect-changes.outputs.environment == 'true') }}
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: checkout
uses: actions/checkout@v4
- name: setup docker buildx
uses: docker/setup-buildx-action@v3
- name: configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_BUILD_ROLE }}
role-session-name: github-actions
aws-region: eu-north-1
- name: login to AWS ECR
id: login
uses: aws-actions/amazon-ecr-login@v2
with:
registries: ${{ secrets.AWS_PROD_ACCOUNT_ID }}
- name: download built images
uses: actions/download-artifact@v4
with:
path: /tmp
- name: load built ckan image
if: ${{ (needs.detect-changes.outputs.ckan == 'true') || (needs.detect-changes.outputs.assets == 'true')}}
run: |
docker load --input /tmp/ckan/ckan.tar
- name: load built solr image
if: ${{ needs.detect-changes.outputs.solr == 'true' }}
run: |
docker load --input /tmp/solr/solr.tar
- name: load built nginx image
if: ${{ needs.detect-changes.outputs.nginx == 'true' }}
run: |
docker load --input /tmp/nginx/nginx.tar
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: configure .env
shell: bash
run: |
cp -f docker/.env.template docker/.env
pip install "python-dotenv[cli]"
dotenv -f docker/.env set REGISTRY ${REGISTRY}
dotenv -f docker/.env set REPOSITORY ${REPOSITORY}
dotenv -f docker/.env set MATOMO_ENABLED false
dotenv -f docker/.env set TEST_MODE true
env:
REGISTRY: ${{ secrets.REGISTRY }}
REPOSITORY: ${{ vars.REPOSITORY }}
- name: bring services up
working-directory: docker
run: |
docker compose -f docker-compose.yml -f docker-compose.build.yml -p restricteddata up -d
- name: wait until services have started
shell: bash
timeout-minutes: 5
run: |
# wait for services to start properly
while [[ $(curl -L --write-out '%{http_code}' --silent --output /dev/null http://localhost) != "200" ]]; do
echo "waiting for services to start up and initialize ..."
sleep 5s
done
sleep 5s
# print the list of containers
docker ps -a
# print logs to debug errors
docker logs restricteddata-ckan-1
docker logs restricteddata-solr-1
docker logs restricteddata-nginx-1
- name: Build robot container
run: docker build -t robot/test robot/
- name: Run robot tests
shell: bash
run: docker run --rm --network host -v ./results:/robot/results robot/test
- name: upload robot test results to XRay
if: always() && github.ref == 'refs/heads/main'
shell: bash
env:
JIRA_ACCESS_TOKEN: ${{ secrets.JIRA_ACCESS_TOKEN }}
JIRA_URL: ${{ secrets.JIRA_URL }}
JIRA_PROJECT_ID: ${{ secrets.JIRA_PROJECT_ID }}
run: |
curl -H "Authorization: Bearer ${JIRA_ACCESS_TOKEN}" -F file=@results/output.xml "${JIRA_URL}/rest/raven/1.0/import/execution/robot?projectKey=${JIRA_PROJECT_ID}"
- name: upload robot test result artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: robot-results
path: results/*
- name: export docker logs if running tests fails
if: failure()
shell: bash
run: |
docker logs restricteddata-ckan-1 > /tmp/restricteddata-ckan-1.log 2>&1
docker logs restricteddata-ckan_cron-1 > /tmp/restricteddata-ckan_cron-1.log 2>&1
docker logs restricteddata-solr-1 > /tmp/restricteddata-solr-1.log 2>&1
docker logs restricteddata-nginx-1 > /tmp/restricteddata-nginx-1.log 2>&1
- name: upload log artifacts
if: failure()
uses: actions/upload-artifact@v4
with:
name: docker-logs
path: /tmp/restricteddata-*.log
test-cdk:
name: test-cdk
runs-on: ubuntu-latest
timeout-minutes: 15
concurrency:
group: ${{ github.ref }}/test-cdk
cancel-in-progress: true
permissions:
id-token: write
contents: read
steps:
- name: checkout
uses: actions/checkout@v4
- name: install nodejs v20
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
cache-dependency-path: 'cdk/package-lock.json'
- name: install cdk npm packages and verify installation
working-directory: cdk
run: |
npm install
npx cdk doctor
- name: build cdk project
working-directory: cdk
run: |
npm run build
- name: test cdk project
working-directory: cdk
run: |
npm run test
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
flags: cdk
token: ${{ secrets.CODECOV_TOKEN }}